我正在尝试将表单数据插入到我的数据库中的一个表中。要插入的数据是姓名、电子邮件、当前日期和用户兴趣。 这是代码。
if (isset($_POST['name'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$intrests = $_POST['intrests'];
$default_intrests = array("mob","pcs","scm","oth");
$interests = "";
if (count($intrests) == 0) {
$interests = implode(",", $default_intrests);
}
else {
$interests = implode(",", $intrests);
}
$sqll="insert into subscriptions (name,email,subdate,intrests) values ($name,$email,CURRENT_DATE, $interests)";
$insert = mysqli_query($link, $sqll);
if (!$insert) {
echo mysqli_error($link);
}
}
在提交表单时,显示以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'dsa,asdf@qwer.com,CURRENT_DATE, mob)' at line 1
最佳答案
将 '
添加到值中,因为其中一些是 string
$sqll="insert into subscriptions (name,email,subdate,intrests)
values ('$name','$email',CURRENT_DATE, '$interests')";
事实上,直接将参数写入sql是个坏主意,最好使用prepared-statements。这样做并避免SQL Injection
关于php-sql语法错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51238608/